<?php
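// Required access level for this page: 1, 2, 3 ... (1 is the highest privilege).
$PAGE_AUTHORITY = 99; // 99 is the special value used for the login-related pages.
require_once '../global.inc.php';

Database::connect($HOST, $NAME, $PWD, $DB);

// Request parameters. A missing field or a non-string value (e.g. username[]=x)
// is normalised to an empty string so the checks below always see a string.
$username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
$email    = (isset($_POST["email"])    && is_string($_POST["email"]))    ? $_POST["email"]    : "";
$verify   = (isset($_POST["verify"])   && is_string($_POST["verify"]))   ? $_POST["verify"]   : "";

// Verification code stored in the session. It is cast to string because the
// code that stores it is not visible here and may use an int.
$rand = (isset($_SESSION["rand"]) && is_scalar($_SESSION["rand"])) ? (string)$_SESSION["rand"] : "";

// The code is single-use: it is cleared whether or not this attempt succeeds,
// so one solved code cannot be replayed across many username/e-mail attempts.
unset($_SESSION["rand"]);

// Check the verification code. The comparison is strict and an empty value is
// rejected on either side; with a loose `!=`, a request that had no code in its
// session and sent an empty `verify` field compared equal and passed the check.
if ($verify === "" || $rand === "" || $verify !== $rand) {
	echo "<script>alert('验证码不正确');</script>";
	echo "<script>history.go(-1);</script>";
	exit;
}

// Database lookup.
$table = "user";

// $username and $email are interpolated into a quoted SQL condition below, and
// $email is also passed to mail(). Database::findByField() is defined outside
// this file and takes a raw condition string, so the values are rejected here
// if they contain a quote, a backslash or any control character (including
// CR/LF). NOTE(review): this is a stop-gap; the lasting fix is a parameterised
// query inside the Database helper.
$unsafePattern = '/[\'\\\\\x00-\x1F\x7F]/';
$inputIsSafe = $username !== "" && $email !== ""
	&& !preg_match($unsafePattern, $username)
	&& !preg_match($unsafePattern, $email);

if ($inputIsSafe) {
	$condition = "user_name='$username' and email='$email'";
	$result = Database::findByField($table, $condition);
} else {
	// Treated exactly like "no such user" so the response does not differ.
	$result = false;
}

if ($result) {
	$subject 	= "密码重置邮件，注意查收";
	// RFC 2047 encoded-word so the non-ASCII subject survives mail transport.
	$subject 	= "=?UTF-8?B?".base64_encode($subject)."?=";
	// NOTE(review): the message announces a fixed, well-known password and sends
	// it in clear text, and the account is switched to $NEWPWD (defined outside
	// this file) as soon as the request is accepted. Anyone who knows a user's
	// name and e-mail address can therefore force that account onto a known
	// password. Prefer mailing a random, expiring, single-use reset link and
	// changing the password only after the mailbox owner follows it.
	$message 	= "尊敬的用户，这是系统发给你的一封密码重置邮件，你的密码已经重置为：\"123456\"，为了你的帐号安全，请尽快登录本网站的修改密码页面修改你的密码！";
	$from 		= "admin@loto.com";
	$header 	= 'MIME-Version: 1.0' . "\r\n"
				. "Content-type: text/html; charset=utf-8". "\r\n"
				. "From: <$from>"."\r\n";
	Database::begin();
	// Cast to int so the id cannot carry SQL into the UPDATE statement.
	$userId = (int)$result["user_id"];
	// Update the password.
	$rt = Database::update("update user set password='$NEWPWD' where user_id=$userId");
	// Send the notification e-mail.
	$send = mail($email,$subject,$message,$header);
	if($send&&$rt){
		Database::commit();
		echo "<script>alert('一封密码重置的邮件已经发送到你的邮箱，请查收！');</script>";
		echo "<script>window.location.href='../login.php';</script>";
	}else{
		// Keep the old password if either the update or the e-mail failed.
		Database::rollback();
		echo "<script>alert('邮件发送失败，请稍后重试！');</script>";
		echo "<script>history.go(-1);</script>";
	}
	Database::end();
}else{
	// NOTE(review): this answer differs from the success path, so the form
	// reveals whether a username/e-mail pair exists; a single neutral message
	// for both outcomes would avoid that.
	echo "<script>alert('用户名或者邮箱输入错误！');</script>";
	echo "<script>history.go(-1);</script>";
}
Database::close();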

?>